Symantec has taken the unusual step of commenting on a story about a customer, issuing a robust statement denying its anti-virus products were to blame for a sophisticated targeted attack on the New York Times.
The Gray Lady revealed yesterday that it had been persistently attacked for four months by China-based cyber insurgents …

COMMENTS

Well, to put faith in a piece of software to do all the protection when they know they have been getting attacked consistently for months... Seems like NY Times dropped the ball on protecting their networks. Granted Symantec is not the greatest software, but even the best software has flaws and holes that will be found. Unless the IT staff takes steps to protect the network this will happen.

One in 45? Who to blame . . .

Over the course of three months, attackers installed 45 pieces of custom malware. The Times — which uses antivirus products made by Symantec — found only one instance

I'm no fan of Symantec, and don't use antivirus products myself, but with such a poor performance, I wouldn't be so fast to blame Symantec. There is something else wrong here. Someone dropped the ball and is trying to blame someone else.

As if to re-iterate its message on the prevalence of advanced targeted attacks, Symantec warned in a new blog post published on Friday of a sophisticated spear phishing campaign targeting the directors and VPs of aerospace and defence firms.

You might like to consider that as an irregular and unconventional CV submission from that/those which targeted firms/beings [for no matter how continentally big or beautifully small a business/operation/administration be, there is always just one final decision-maker/event producer in overall remote control of collective distributed power] need, in order to remain at the forefront of lead, even though the actual reality be that they be following leads sublimely delivered to them by that/those which are simply reprogramming second and third party prime base metadata instruction sets for reinforcing compatibility guaranteeing preeminent dominance in first party power generation and supply ... Intelligent Source Output Systems Input, for both constructive and disruptive and even destructive recursive methodologies which deliver progressing learning memes which have analysed and incorporated, or discarded as unnecessary, competitive contemporaries' chains of intelligence supply for universal control of globalised circles of command and control/Earthed SCADA Systems Admin. ........... which offers and is a somewhat spooky alien control of humanity with Advanced Intelligence?

And delivered there as a question because a statement wouldn't provide y'all with future answers for media and news presentations which replace the past with what is to be.

To think and try to maintain and retain a current dominant and preeminent position/situation from the past, for a present which is building a more perfect future for all with zero negative historical baggage which remembers and pimps mistakes and traumas of the past, is not an aid to progress into a better future, it is more a corrupt hindrance and perverse tacit admission of bankruptcy in Intellectual Property Supply and Internet Server Service Provision, which condemns one and all so decidedly controlled and designedly entertained to stagnate and be petrified/terrified/terrorised.

Which very much appears to be the current present overall position/situation whenever one ponders and contemplates/analyses and deconstructs the bigger pictures being broadbandcast to you via media and news?

All news is lies and all propaganda is disguised as news.-- Willi Munzenberg .... Amen :-)

You can avoid reality, but you cannot avoid the consequences of avoiding reality. …. Ayn Rand ..... Hallelujah :-)

Still doesn't work with all protections on

The company I am currently at uses Symantec Endpoint security with all the bells and whistles turned on, and it did not stop or detect the recent Java exploits; the only thing that did was the FireEye boxes we have recently installed.

The FireEye boxes are in detect mode only (evaluation going on), so we found out about it, but a number of PCs had already been infected by that point. Without FireEye, who knows how long it would have been.

Re: Still doesn't work with all protections on

CVEs aren't always submitted/approved for release before disclosure happens... and possibly some are disclosed against 'ethical standards', so they wouldn't exist in the CVE databases until they're classified 'in the wild'?

However, decent heuristics solutions... should... at least, detect and prevent unusual 'activity' at minimum, in the event of attack... at least, it then should isolate the issue before it's allowed to spread?

Caution should always be taken with infected machines, since spreading methods seem to have multiplied and mutated.

HIPS may also use a form of signature based heuristics? Some in depth tools... can sometimes detect unusual processes/dlls loaded into processes or even modifications of files... that are running (although, it can quarantine "false positives" for 'abstractly designed/placed files')

Rootkits on the other hand are slightly more advanced once they infect.

Quick! Get out the hex editors! All hands on deck, run for the hills, batten down the hatches and so forth!
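The comment above describes in-depth tools that flag unusual DLLs loaded into processes or modifications to files on disk, and warns about false positives. The following is an added illustration written for this page, not code from any commenter, Symantec or FireEye product: it runs a baseline-versus-observed check over constructed Sysmon-style image-load events and a hash comparison over constructed file contents. The baseline directories, sample events, paths and file bytes are all made up for the example.

```python
"""Toy HIPS-style checks: unexpected module loads and modified files.

Added example. The baseline, event lines and file bytes are constructed for
illustration and do not describe any real host or product.
"""
import hashlib
import ntpath

# Constructed baseline: the directories each process is expected to load
# modules from. A real baseline is learned from known-clean hosts.
BASELINE = {
    "winword.exe": {
        r"c:\windows\system32",
        r"c:\program files\microsoft office\root\office16",
    },
    "svchost.exe": {r"c:\windows\system32"},
}

# User-writable locations (constructed list): a module loading from here is
# suspicious for any process, because dropped payloads commonly land there.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\windows\\temp\\", "c:\\programdata\\")

# Constructed Sysmon-like image-load events (Event ID 7 style key=value pairs).
SAMPLE_EVENTS = [
    r"EventID=7|Image=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|ImageLoaded=C:\Windows\System32\ntdll.dll",
    r"EventID=7|Image=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|ImageLoaded=C:\Users\alice\AppData\Local\Temp\update.dll",
    r"EventID=7|Image=C:\Windows\System32\svchost.exe|ImageLoaded=C:\Windows\System32\rpcss.dll",
    r"EventID=7|Image=C:\Windows\System32\svchost.exe|ImageLoaded=C:\ProgramData\helper.dll",
    r"EventID=7|Image=C:\Tools\unknown.exe|ImageLoaded=C:\Windows\System32\kernel32.dll",
]


def parse_event(line):
    """Split a 'k=v|k=v' line into a dict; keys and Windows paths lowercased."""
    fields = dict(part.split("=", 1) for part in line.split("|"))
    return {k.lower(): v.lower() for k, v in fields.items()}


def classify_load(event):
    """Return ('alert', reason) or ('ok', '') for one image-load event."""
    process = ntpath.basename(event["image"])
    module = event["imageloaded"]
    module_dir = ntpath.dirname(module)
    if module.startswith(USER_WRITABLE_PREFIXES):
        return "alert", f"{process} loaded {module} from a user-writable location"
    allowed = BASELINE.get(process)
    if allowed is None:
        # No baseline at all: this is the class of alert that turns into a
        # false positive when a legitimate but unprofiled tool is used.
        return "alert", f"no baseline for process {process}"
    if module_dir not in allowed:
        return "alert", f"{process} loaded {module} outside its baseline directories"
    return "ok", ""


def scan(lines):
    """Run every event through classify_load and collect the alert reasons."""
    alerts = []
    for line in lines:
        verdict, reason = classify_load(parse_event(line))
        if verdict == "alert":
            alerts.append(reason)
    return alerts


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def changed_files(known_hashes, current_contents):
    """Return paths whose current bytes no longer match the recorded hash
    (or that are missing). A file-integrity check over in-memory content."""
    return sorted(
        path for path, digest in known_hashes.items()
        if path not in current_contents or sha256_hex(current_contents[path]) != digest
    )


# Constructed file contents: one file is left intact, one is modified.
ORIGINAL_CONTENTS = {
    r"c:\windows\system32\ntdll.dll": b"constructed ntdll bytes",
    r"c:\windows\system32\rpcss.dll": b"constructed rpcss bytes",
}
KNOWN_HASHES = {p: sha256_hex(b) for p, b in ORIGINAL_CONTENTS.items()}
CURRENT_CONTENTS = dict(ORIGINAL_CONTENTS)
CURRENT_CONTENTS[r"c:\windows\system32\rpcss.dll"] = b"constructed rpcss bytes, patched"


if __name__ == "__main__":
    for reason in scan(SAMPLE_EVENTS):
        print("ALERT:", reason)
    for path in changed_files(KNOWN_HASHES, CURRENT_CONTENTS):
        print("MODIFIED:", path)
```

Three of the five constructed events alert: the Word load from a user temp directory, the svchost load from ProgramData, and the process with no baseline at all. The last one is the false-positive class the comment mentions; the response should be to extend the baseline from a clean reference host rather than to disable the check.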

Symantec is right

Symantec is right.. most companies tend to install AV on a basic level and forget it. When new features are added, companies tend to ignore them.. up until there's a massive failure of the signature-only detection, and then they blame the product and shitcan it, replacing it with something else which may be no better.

Obviously, defence in depth is better.. especially against APTs. What strikes me as odd though is that Symantec did actually seem to detect part of the attack. It was probably therefore a failure of the NYT that they didn't properly investigate the malware incident (unless of course that's how they discovered it!)

New features may cripple your daily tasks - often in subtle ways - and people will disable them

When we installed the "endpoint security" from a well-known AV vendor, some internal applications stopped working. Tracing what was happening, we found that the tool was blocking HTTP connections (to internal servers) without notifying the user. Most notifications are turned off by default, and the applications simply seemed to stop working. Moreover, its "reputation" system, when attempting to download some tools that can be classified as "hacking tools" but may have legitimate uses for a sysadmin, was damaging downloads, once again without notifying the user; we got corrupted zip files only, instead of a message telling what was really going on. These default behaviours are really stupid: people will just find the computer is running slower, applications that were working now don't, and downloads get corrupted. Without a proper explanation of what happened, the average user will just think the "endpoint security" is crapware, and disable it. Software vendors should stop thinking they are smarter and can outsmart the user. This way they are just delivering silly solutions users are not going to use because of that.

If you are a high profile business user, you have a duty of care to your shareholders to secure your network and therefore not to deploy a platform that is the target of the greatest number of hacking attacks.

Strangely, even though the above statements have been released, the majority of AV vendors like to trumpet their zero day abilities, until that is, the zero day performance is actually exposed.

What goes around comes around...

Now, obviously I tend to agree with comments above that the statement from NYT sure sounds naive to say the least.

However.. It's also fair to note that these days you don't get "virus scanners" anymore; no, you get whole "Internet protection suites". Just check the product page of Symantec's Antivirus 2013: "Harness global power – only Norton™ can bring you the ultra-fast Network Defense Layer to block a multitude of threats before they can even touch your PC."

Or what to think about: "Protection from the future, available today – our exclusive reputation and behavior antivirus technology are so advanced that they can stop online threats that bad guys haven't even created yet.".

If you boast like that and something does go wrong, you're bound to tick someone off who's not going to sit quiet and simply blame himself.

Most businesses only spend money on IT professionals when it matters.

Agree with both ...

I understand what Symantec are saying, but the essence of IT security is about defence in depth. Each layer must do its part. WSJ is expecting their AV scanner to detect malware; well, it should, shouldn't it? True, it shouldn't have been the only hurdle to cross, but Symantec cannot shrug their shoulders and say 'yeah well we kind of expected something else to deal with that'.

Ya think?

New malware is created thousands of times per day. Symantec and other AV companies (but not all) issue new AV updates HOURLY. If an entity isn't smart enough to update their AV software every few hours or automatically, then they can expect to get hit time after time because they are reactive and not pro-active.

Google: Symantec Sucks

Google: Symantec Sucks.

Documentary blog should be top hit.

There's a special spot in Hell reserved for the management and staff of Symantec circa 2005-2008. They contributed so much misery to society (especially to those running NAV '07) that they can never make adequate amends.

Can't Symantec sell security configuration as a product? Or as a service?

We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security.

Why doesn't Symantec sell such solutions? They only seem to sell individual products. Can I go to a Symantec rep and hire a consultant from them?

I would like to see what John Thompson's company uses in-house. They most likely use Windows, if for no other reason than to test their products, they would definitely use their own products rather than pay a competitor to use theirs, and we don't hear about them falling prey to attacks.

I have a newspaper administrator friend

Watching an administrator friend dealing with personnel, from columnists to graphics interns (removed AV because Mac has no virus) on a politically attacked newspaper tells me this time, Symantec is the victim.

It is not NY times. A third world newspaper dealing with major powers.

You have to understand the wrong beginnings of computers in such organisations. They started as "cool electric typewriters" and for most, stayed that way.

I am sure if you visit the Guardian etc., you will surely see absurdly unprotected computers, people insisting on forwarding all their mail to Gmail, people being bugged by antivirus installed on their Macs while it has no effect in ordinary use, etc.